Skip to main content
Manus에서 모든 스킬 실행
원클릭으로

graphql-injection-and-abuse

스타2
포크1
업데이트2026년 7월 9일 12:42

SAST detection methodology for GraphQL injection and abuse (CWE-400, CWE-285), covering introspection in production, batching/aliasing/deep-nesting DoS, missing depth/complexity/cost limits, object- and field-level authorization gaps in resolvers (BOLA/BFLA), injection propagating through resolvers into SQL/NoSQL/OS sinks, mutation IDOR, and verbose schema-leaking errors. Use when reviewing GraphQL schemas, resolvers, or server config (Apollo, graphql-js, graphene, graphql-java). Writes confirmed findings to findings/09-graphql-injection-and-abuse.md.

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

SKILL.md
readonly